fix: booking security 설정 core로 이동

api/api-booking/build.gradle

@@ -15,8 +15,4 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-data-redis'
     implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
     implementation 'org.springframework.boot:spring-boot-starter-security'
-
-    implementation 'io.jsonwebtoken:jjwt-api:0.12.3'
-    implementation 'io.jsonwebtoken:jjwt-impl:0.12.3'
-    implementation 'io.jsonwebtoken:jjwt-jackson:0.12.3'
 }

api/api-booking/src/main/java/com/pgms/apibooking/common/exception/BookingException.java

@@ -1,5 +1,7 @@
 package com.pgms.apibooking.common.exception;
 
+import com.pgms.coredomain.domain.common.BookingErrorCode;
+
 import lombok.Getter;
 
 @Getter

api/api-booking/src/main/java/com/pgms/apibooking/common/exception/BookingExceptionHandler.java

@@ -15,6 +15,7 @@
 import org.springframework.web.context.request.WebRequest;
 import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
 
+import com.pgms.coredomain.domain.common.BookingErrorCode;
 import com.pgms.coredomain.response.ErrorResponse;
 
 import lombok.extern.slf4j.Slf4j;

api/api-booking/src/main/java/com/pgms/apibooking/common/interceptor/BookingSessionInterceptor.java

@@ -3,7 +3,7 @@
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;
 
-import com.pgms.apibooking.common.exception.BookingErrorCode;
+import com.pgms.coredomain.domain.common.BookingErrorCode;
 import com.pgms.apibooking.common.exception.BookingException;
 
 import jakarta.servlet.http.HttpServletRequest;

api/api-booking/src/main/java/com/pgms/apibooking/domain/booking/service/BookingService.java

@@ -11,9 +11,9 @@
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-import com.pgms.apibooking.common.exception.BookingErrorCode;
+import com.pgms.coredomain.domain.common.BookingErrorCode;
 import com.pgms.apibooking.common.exception.BookingException;
-import com.pgms.apibooking.common.jwt.BookingAuthToken;
+import com.pgms.coresecurity.security.jwt.booking.BookingAuthToken;
 import com.pgms.apibooking.config.TossPaymentConfig;
 import com.pgms.apibooking.domain.booking.dto.request.BookingCancelRequest;
 import com.pgms.apibooking.domain.booking.dto.request.BookingCreateRequest;

api/api-booking/src/main/java/com/pgms/apibooking/domain/bookingqueue/service/BookingQueueService.java

@@ -4,10 +4,10 @@
 
 import org.springframework.stereotype.Service;
 
-import com.pgms.apibooking.common.exception.BookingErrorCode;
+import com.pgms.coredomain.domain.common.BookingErrorCode;
 import com.pgms.apibooking.common.exception.BookingException;
-import com.pgms.apibooking.common.jwt.BookingJwtPayload;
-import com.pgms.apibooking.common.jwt.BookingJwtProvider;
+import com.pgms.coresecurity.security.jwt.booking.BookingJwtPayload;
+import com.pgms.coresecurity.security.jwt.booking.BookingJwtProvider;
 import com.pgms.apibooking.domain.bookingqueue.dto.request.BookingQueueEnterRequest;
 import com.pgms.apibooking.domain.bookingqueue.dto.request.BookingQueueExitRequest;
 import com.pgms.apibooking.domain.bookingqueue.dto.request.TokenIssueRequest;

api/api-booking/src/main/java/com/pgms/apibooking/domain/payment/service/PaymentService.java

@@ -12,7 +12,7 @@
 import com.pgms.apibooking.domain.payment.dto.response.PaymentCardResponse;
 import com.pgms.apibooking.domain.payment.dto.response.PaymentFailResponse;
 import com.pgms.apibooking.domain.payment.dto.response.PaymentVirtualResponse;
-import com.pgms.apibooking.common.exception.BookingErrorCode;
+import com.pgms.coredomain.domain.common.BookingErrorCode;
 import com.pgms.apibooking.common.exception.BookingException;
 import com.pgms.apibooking.common.util.DateTimeUtil;
 import com.pgms.coredomain.domain.booking.Booking;

api/api-booking/src/main/java/com/pgms/apibooking/domain/payment/service/TossPaymentServiceImpl.java

@@ -18,7 +18,7 @@
 import com.pgms.apibooking.domain.payment.dto.request.PaymentConfirmRequest;
 import com.pgms.apibooking.domain.payment.dto.response.PaymentCancelResponse;
 import com.pgms.apibooking.domain.payment.dto.response.PaymentSuccessResponse;
-import com.pgms.apibooking.common.exception.BookingErrorCode;
+import com.pgms.coredomain.domain.common.BookingErrorCode;
 import com.pgms.apibooking.common.exception.BookingException;
 
 import lombok.RequiredArgsConstructor;

api/api-booking/src/main/java/com/pgms/apibooking/domain/seat/service/SeatService.java

@@ -9,7 +9,7 @@
 
 import com.pgms.apibooking.domain.seat.dto.request.SeatsGetRequest;
 import com.pgms.apibooking.domain.seat.dto.response.AreaResponse;
-import com.pgms.apibooking.common.exception.BookingErrorCode;
+import com.pgms.coredomain.domain.common.BookingErrorCode;
 import com.pgms.apibooking.common.exception.BookingException;
 import com.pgms.coredomain.domain.event.EventSeat;
 import com.pgms.coredomain.domain.event.EventSeatStatus;

api/api-booking/src/main/resources/application.yml

@@ -14,11 +14,6 @@ spring:
 payment:
   toss:
     test-client-api-key: test_ck_Gv6LjeKD8aE1pdWDXXNw8wYxAdXy
-    test-secret-api-key: test_sk_eqRGgYO1r5MNel9067jarQnN2Eya # 노출되면 안됨!! 임시값 넣어놓음
+    test-secret-api-key: test # 노출되면 안됨!! 임시값 넣어놓음
     success-url: https://localhost:8080/api/v1/success
     fail-url: https://localhost:8080/api/v1/fail
-
-booking-jwt:
-  issuer: booking
-  secret-key: EENY5W0eegTf1naQB2eDeyCLl5kRS2b8xa5c4qLdS0hmVjtbvo8tOyhPMcAmtPu
-  expiry-seconds: 420

api/api-booking/src/test/java/com/pgms/apibooking/fake/TossPaymentServiceFake.java

@@ -11,7 +11,7 @@
 import com.pgms.apibooking.domain.payment.dto.response.PaymentSuccessResponse;
 import com.pgms.apibooking.domain.payment.dto.response.PaymentVirtualResponse;
 import com.pgms.apibooking.domain.payment.dto.response.RefundAccountResponse;
-import com.pgms.apibooking.common.exception.BookingErrorCode;
+import com.pgms.coredomain.domain.common.BookingErrorCode;
 import com.pgms.apibooking.common.exception.BookingException;
 import com.pgms.apibooking.domain.payment.service.TossPaymentService;
 import com.pgms.coredomain.domain.booking.Booking;

api/api-booking/src/test/java/com/pgms/apibooking/service/BookingServiceTest.java

@@ -14,7 +14,7 @@
 import org.springframework.context.annotation.Import;
 import org.springframework.transaction.annotation.Transactional;
 
-import com.pgms.apibooking.common.exception.BookingErrorCode;
+import com.pgms.coredomain.domain.common.BookingErrorCode;
 import com.pgms.apibooking.common.exception.BookingException;
 import com.pgms.apibooking.config.TestConfig;
 import com.pgms.apibooking.domain.booking.dto.request.BookingCancelRequest;

api/api-booking/src/main/java/com/pgms/apibooking/common/exception/BookingErrorCode.java → core/core-domain/src/main/java/com/pgms/coredomain/domain/common/BookingErrorCode.java

@@ -1,13 +1,15 @@
-package com.pgms.apibooking.common.exception;
+package com.pgms.coredomain.domain.common;
 
 import org.springframework.http.HttpStatus;
 
+import com.pgms.coredomain.response.ErrorResponse;
+
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 
 @Getter
 @RequiredArgsConstructor
-public enum BookingErrorCode {
+public enum BookingErrorCode implements BaseErrorCode{
 	SEAT_NOT_FOUND(HttpStatus.BAD_REQUEST, "SEAT_NOT_FOUND", "존재하지 않는 좌석입니다."),
 	SEAT_BEING_BOOKED(HttpStatus.BAD_REQUEST, "SEAT_BEING_BOOKED", "예매중인 좌석입니다."),
 	SEAT_ALREADY_BOOKED(HttpStatus.BAD_REQUEST, "SEAT_ALREADY_BOOKED", "예매된 좌석입니다."),
@@ -41,4 +43,9 @@ public enum BookingErrorCode {
 	private final HttpStatus status;
 	private final String code;
 	private final String message;
+
+	@Override
+	public ErrorResponse getErrorResponse() {
+		return new ErrorResponse(code, message);
+	}
 }

core/core-security/build.gradle

@@ -12,7 +12,7 @@ dependencies {
     // security
     implementation 'org.springframework.boot:spring-boot-starter-security'
     implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
-    implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
-    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
-    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+    implementation 'io.jsonwebtoken:jjwt-api:0.12.3'
+    implementation 'io.jsonwebtoken:jjwt-impl:0.12.3'
+    implementation 'io.jsonwebtoken:jjwt-jackson:0.12.3'
 }

api/api-booking/src/main/java/com/pgms/apibooking/config/JwtConfig.java → core/core-security/src/main/java/com/pgms/coresecurity/security/config/BookingJwtConfig.java

@@ -1,17 +1,17 @@
-package com.pgms.apibooking.config;
+package com.pgms.coresecurity.security.config;
 
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
-import com.pgms.apibooking.common.jwt.BookingJwtProvider;
+import com.pgms.coresecurity.security.jwt.booking.BookingJwtProvider;
 
 import io.jsonwebtoken.security.Keys;
 import lombok.Getter;
 
 @Getter
 @Configuration
-public class JwtConfig {
+public class BookingJwtConfig {
 
 	@Value("${booking-jwt.issuer}")
 	private String issuer;

core/core-security/src/main/java/com/pgms/coresecurity/security/jwt/JwtTokenProvider.java

@@ -1,13 +1,14 @@
 package com.pgms.coresecurity.security.jwt;
 
-import java.security.Key;
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Date;
 import java.util.UUID;
 import java.util.stream.Collectors;
 
+import javax.crypto.SecretKey;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
@@ -23,7 +24,6 @@
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.MalformedJwtException;
-import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.UnsupportedJwtException;
 import io.jsonwebtoken.io.Decoders;
 import io.jsonwebtoken.security.Keys;
@@ -48,24 +48,24 @@ public String generateAccessToken(UserDetailsImpl userDetails) {
 
 		return Jwts.builder()
 			.claim("id", userDetails.getId())
-			.setSubject((userDetails.getUsername()))
-			.setIssuedAt(Date.from(now))
-			.setExpiration(Date.from(expirationTime))
+			.subject((userDetails.getUsername()))
+			.issuedAt(Date.from(now))
+			.expiration(Date.from(expirationTime))
 			.claim("authority", authorities)
-			.signWith(key(), SignatureAlgorithm.HS256)
+			.signWith(key())
 			.compact();
 	}
 
-	private Key key() {
+	private SecretKey key() {
 		return Keys.hmacShaKeyFor(Decoders.BASE64.decode(secretKey));
 	}
 
 	public Authentication getAuthentication(String accessToken) {
-		Claims claims = Jwts.parserBuilder()
-			.setSigningKey(key())
+		Claims claims = Jwts.parser()
+			.verifyWith(key())
 			.build()
-			.parseClaimsJws(accessToken)
-			.getBody();
+			.parseSignedClaims(accessToken)
+			.getPayload();
 
 		Collection<? extends GrantedAuthority> authorities =
 			Arrays.stream(claims.get("authority").toString().split(","))
@@ -79,7 +79,7 @@ public Authentication getAuthentication(String accessToken) {
 
 	public boolean validateAccessToken(String authToken) {
 		try {
-			Jwts.parserBuilder().setSigningKey(key()).build().parse(authToken);
+			Jwts.parser().verifyWith(key()).build().parse(authToken);
 			return true;
 		} catch (MalformedJwtException e) {
 			logger.error("Invalid JWT token: {}", e.getMessage());

api/api-booking/src/main/java/com/pgms/apibooking/common/exception/BookingAuthEntryPoint.java → core/core-security/src/main/java/com/pgms/coresecurity/security/jwt/booking/BookingAuthEntryPoint.java

@@ -1,4 +1,4 @@
-package com.pgms.apibooking.common.exception;
+package com.pgms.coresecurity.security.jwt.booking;
 
 import java.io.IOException;
 
@@ -8,6 +8,8 @@
 import org.springframework.stereotype.Component;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.pgms.coredomain.domain.common.BaseErrorCode;
+import com.pgms.coredomain.domain.common.BookingErrorCode;
 import com.pgms.coredomain.response.ErrorResponse;
 
 import jakarta.servlet.ServletException;
@@ -28,11 +30,11 @@ public BookingAuthEntryPoint() {
 	@Override
 	public void commence(HttpServletRequest request, HttpServletResponse response,
 		AuthenticationException authException) throws IOException, ServletException {
-		BookingErrorCode errorCode = BookingErrorCode.BOOKING_TOKEN_NOT_EXIST;
+		BaseErrorCode errorCode = BookingErrorCode.BOOKING_TOKEN_NOT_EXIST;
 		response.setStatus(errorCode.getStatus().value());
 		response.setContentType(MediaType.APPLICATION_JSON_VALUE);
 
-		ErrorResponse errorResponse = new ErrorResponse(errorCode.getCode(), errorCode.getMessage());
+		ErrorResponse errorResponse = errorCode.getErrorResponse();
 		response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
 	}
 }

api/api-booking/src/main/java/com/pgms/apibooking/common/jwt/BookingAuthToken.java → core/core-security/src/main/java/com/pgms/coresecurity/security/jwt/booking/BookingAuthToken.java

@@ -1,4 +1,4 @@
-package com.pgms.apibooking.common.jwt;
+package com.pgms.coresecurity.security.jwt.booking;
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;